On 25 May 2018 the Data Protection Act was superseded by the General Data Protection Regulation. Members (current and prospective) should not notice significant changes to the operation of the Society and how we communicate. However, it is now important to be clear that members provide the Society with certain types of personal information and so consent to it being held and processed in order to fulfil the subscription. For more information please refer to this Data Protection and Privacy Policy.

 

Pipe Roll Society Data Protection and Information Security Policy

On 25 May 2018 most processing of personal data by organisations will have to comply with the new EU General Data Protection Regulation. This Policy sets out the personal data the Pipe Roll Society collects and the mechanisms by which it seeks to process further, manage (including destruction) and store that data, in order to comply with this legislation and fulfil the contractual agreement between Society and member with regard to the benefits of the subscription. It also outlines procedures for review and revision in line with future legislation.

1. The main form of personal information collected, managed and stored by the Society relates to its members and comprises their full name (individual or institutional), subscription details, email address (where supplied), postal address and telephone number (where supplied). Subscription payment records are also maintained.

2. Personal data regarding membership and subscription is collected in the context of joining the Society via the online subscription platform (PayPal) or via letter or email sent to the Honorary Treasurer if the subscription is paid by other means; all information is processed by the Honorary Treasurer, and membership and subscription data is securely stored on The National Archives electronic records management system where it is only accessible by the Honorary Treasurer and Honorary General Editor Dryburgh. PayPal has its own Privacy policy, which is compliant with the new General Data Protection Regulation.

3. Permission to process and store personal data is explicit in members submitting this information on their membership application form. It is processed in order to meet the obligation the Society has in fulfilling subscriptions. Members should provide updates to this information to the Honorary Treasurer by letter or via the email address on the website.

4. Data supplied by members is shared with the Society's publisher, Boydell & Brewer, and its distributor, John Wiley & Sons Inc., in order to fulfil the subscription. Only names and postal addresses are shared by the Honorary Treasurer in encrypted files. Boydell & Brewer have their own Privacy policy, which is compliant with the new General Data Protection Regulation.

5. Information held on non-members is twofold: a. Data gathered in the context of entering into a contractual relationship between the Society and prospective editors of volumes and their referees. This data is collected and maintained by the Honorary General Editors in order to assess the feasibility of prospective volumes, and in bringing such endeavours to fruition; it is shared only with members of Council so that Council can discharge its duties in line with the charitable objectives of the Society. This data usually consists of name, postal address, email and telephone contact details. It is securely stored for the express purpose for which it is collected on the secure electronic records management system at The National Archives, and is reviewed for retention on archival grounds. b. Contact details supplied by individuals who register for the Society's AGM lecture. This is collected by the relevant officer(s) of the Society in charge of the event and is only maintained and stored for as long as the information is needed to expedite that event, after which it is securely destroyed.

6. The Officer responsible for data management and security is the Honorary Treasurer, who acts as Membership Secretary and to whom all queries and requests should be addressed.

7. Subscription payment data is held for as long as the subscription is active; it is destroyed by the Honorary Treasurer within six years after the subscription has expired. Standing order bank details are not kept by the Society but by our bankers, Natwest. The details of non-members are held only as long as they are required for expediting the Society's business for which such data was provided. No records are kept relating to the one-off purchase of a volume by someone who is not a member of the Society.

8. Future requests for data from members, prospective members or non-members will be made in writing. Contact details supplied to the Society can be removed and destroyed on request at any time, and members may request not to be contacted by specific medium (e.g. telephone).

9. The Data Protection and Information Security Policy will be regularly monitored by Council under guidance from the officers. An annual review will be submitted to Council for ratification and / or modification. Revisions required by legislation will be ratified by Council.

Added 22 May 2018